Deckhouse

Fixes


- **[node-manager]** Fix `cluster-autoscaler` configMap generation when a few node groups have the same priority. [3062](https://github.com/deckhouse/deckhouse/pull/3062)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.

Fixes


- **[candi]** Changed desired kernel version to 5.11.0-46-generic for Ubuntu 20.04. [3043](https://github.com/deckhouse/deckhouse/pull/3043)
- **[monitoring-applications]** Fix the discovery hook for the `monitoring-applications` module. [3044](https://github.com/deckhouse/deckhouse/pull/3044)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.

Fixes


- **[monitoring-kubernetes-control-plane]** Port to listen changed to 8008 because it is already used by the ingress-nginx module. [3019](https://github.com/deckhouse/deckhouse/pull/3019)


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.

The following components will be restarted during the update from the Deckhouse 1.39
- Kubernetes Control Plane components
- admission-policy-engine
- cert-manager
- cloud-provider-yandex
- cni-cilium
- dashboard
- extended-monitoring
- ingress-nginx
- kube-dns
- kube-proxy
- linstor
- log-shipper
- metallb
- monitoring-kubernetes
- node-local-dns
- node-manager
- openvpn
- prometheus
- pod-reloader
- snapshot-controller
- terraform-manager
- upmeter
- user-authn
- vertical-pod-autoscaler

Component version updates
- linstor-server: v1.20.0
- linstor-client: v1.15.1
- linstor-csi: v0.21.0
- linstor-api: v1.15.1
- piraeus-opeartor: v1.10.0
- piraeus-ha-controller: v1.10.0
- drbd: v9.2.0
- drbd-utils: v9.22.0
- drbd-reactor: v0.9.0
- csi-attacher: v4.0.0
- csi-resizer: v1.6.0

Major changes
- Support for the obsolete version of cert-manager (0.10) has been removed. Certificates obtained using the certmanager.k8s.io API resources will no longer be updated and must be migrated to use the `certificates.cert-manager.io` API. Use this command to scan for resources with an outdated API version: `kubectl get certificates.certmanager.k8s.io -A`.
- Support for the Ingress controllers with versions lower than 1.1 has been removed. Deckhouse will not update if there are such Ingress controllers in the cluster.
- The [monitoring-kubernetes-control-plane](https://deckhouse.io/en/documentation/latest/modules/340-monitoring-kubernetes-control-plane/) module has been refactored (it only works with the [control-plane-manager](https://deckhouse.io/en/documentation/latest/modules/040-control-plane-manager/) module).
- A kernel version check has been implemented for modules. The module will not start, and an alert will pop up if the node's kernel version does not meet the requirements. The kernel requirements are specified for the [cni-cilium](https://deckhouse.io/en/documentation/latest/modules/021-cni-cilium/) module and the case when it works with either the [istio](https://deckhouse.io/en/documentation/latest/modules/110-istio/), [openvpn](https://deckhouse.io/en/documentation/latest/modules/500-openvpn/), or [node-local-dns](https://deckhouse.io/en/documentation/latest/modules/350-node-local-dns/) module.
- [NodeGroup](https://deckhouse.io/en/documentation/latest/modules/040-node-manager/cr.html#nodegroup) now supports specifying **zero** as a lower limit for the number of nodes (the [minPerZone](https://deckhouse.io/en/documentation/latest/modules/040-node-manager/cr.html#nodegroup-v1-spec-cloudinstances-minperzone) parameter). In this case, the nodes will be added to the group when needed. The option to prioritize a group of nodes further increases the flexibility of node scaling.
- Components of the [linstor](https://deckhouse.io/en/documentation/latest/modules/041-linstor/) module have been updated; support for *Ubuntu 22.04* has been added.
- [RootCAData](https://deckhouse.io/en/documentation/latest/modules/150-user-authn/cr.html#dexprovider-v1-spec-oidc-rootcadata) and [InsecureSkipVerify](https://deckhouse.io/en/documentation/latest/modules/150-user-authn/cr.html#dexprovider-v1-spec-oidc-insecureskipverify) parameters for OIDC providers have been added to the [DexProvider](https://deckhouse.io/en/documentation/latest/modules/150-user-authn/cr.html#dexprovider) resource of the [user-authn](https://deckhouse.io/en/documentation/latest/modules/150-user-authn/) module. They allow for managing TLS certificate validation.
- The *Kubernetes Cluster -> Prometheus Benchmark* dashboard has been added to Grafana. It allows you to diagnose Prometheus-related problems (while the latter is running).


See [CHANGELOG v1.40](https://github.com/deckhouse/deckhouse/blob/main/CHANGELOG/CHANGELOG-v1.40.md) for more details.